Intrusion Detection System Based on In-Depth Understandings of Industrial Control Logic

In industrial control systems (ICSs), intrusion detection is a vital task. Conventional intrusion detection systems (IDSs) rely on manually designed rules. These rules heavily depend on professional experience, thereby making it challenging to represent the increasingly complicated industrial control logic. Although deep learning-based approaches provide better accuracy than other methods, they can only provide alerts. However, they cannot provide administrators with detailed information. In this study, we propose the logic understanding IDS (LU-IDS), which is a rule-based IDS with in-depth understandings of industrial control logic. Our proposed LU-IDS uses a specially designed deep learning-based model to capture features automatically and carry out attack classification. More importantly, it analyzes the knowledge learned from the classification of attacks to understand the abnormal industrial control logic and generate rules. The experimental results indicate that our proposed LU-IDS demonstrates excellent performance on intrusion detection. The rules generated by our proposed LU-IDS can be used to successfully detect all types of attacks on two public datasets.